If you have recently heard the TLS 1.3 buzz and want to know what it is, then this article is for you. This article will explain what TLS 1.3 is and how it differs from its earlier versions. You will understand why the web is moving toward TLS1.3 and what its advantages are.
TLS 1.3 is an encryption protocol that is used to encrypt the data between networks. Currently, it is the most updated encryption protocol so far. The Internet Engineering Task Force (IETF) has released the TLS 1.3 protocol in August 2018. Let us look at how this protocol came about.
How TLS 1.3 Happened
TLS means Transport Layer Security. This protocol was based on an earlier encryption protocol call Secure Sockets Layer or popularly known as SSL. TLS powers all the HTTPS sites today, although some still use the name SSL for TLS as it is widely popular. By the end of the 1990s, SSL was renamed TLS by IETF. Since then, TLS has been the default encryption standard for most of the internet.
TLS Version Name | IETF Naming |
TLS 1.0 | RFC 2246 |
TLS 1.1 | RFC 4346 |
TLS 1.2 | RFC 5246 |
TLS 1.3 | RFC 8446 |
Engineers designed TLS using tools from mathematicians. When a browser and web server agree on a cryptographic key, it is called a “TLS Handshake”. In TLS 1.2, this handshake required two round trips. This made the exchange of data slow. Thus, there was a need for a faster and more secure protocol. The IETF has worked last 5 years to design such a protocol. And now it presents itself as TLS 1.3.
What is TLS 1.3
The latest version of TLS is called TLS 1.3. It provides a faster and more secure connection between browsers and servers. It employs a secure and the latest cryptography standard that makes the connection secure. TLS 1.3 allows client/server applications to communicate over the internet such that it prevents eavesdropping, tampering, and message forgery. With TLS 1.3, RFC 5077, 5246 and 6961 are now obsolete, while 5705 and 6066 are updated.
TLS 1.3 addresses three key concerns about web server and browser connection; Authentication, confidentiality, and Integrity.
Authentication is done on the server side mandatorily while for client side it is optional. Servers use various methods of cryptography to keep the connection authentic.
Confidentiality means only endpoints can see the data sent over the channel after establishment.
Integrity means attackers cannot modify data sent over the channel after establishment without detection.
TLS 1.3 scores on all these benchmarks. Thus, it is the new standard of secure connection.
Benefits of TLS 1.3 over TLS 1.2
The TLS 1.2 had many vulnerabilities, the IETF had not addressed in its initial release. The “TLS Handshake” has been around since 1999 without much change. This TLS handshake required two additional round trips between the server and the browser to authenticate the connection. This caused latency in the connection. As a result, secure connections are slower compared to unsecured connections like HTTP.
TLS 1.3 has following benefits:
1. Enhanced Performance and faster connection:
TLS 1.3 improves user experience by reducing page load times significantly. It reduces a whole roundtrip connection making the connection faster.
2. Removal Of Redundant Features:
TLS 1.3 makes certain features redundant, such as:
- Static RSA Handshake
- CBC MtE Modes
- RC4
- SHA1, MD5
- Compression
- Renegotiation
3. New Features in TLS 1.3
- Full Handshake Signature
- Downgrade Protection
- Zero Round Trip Mode
- Forward Secrecy
- Encrypted ServerHello handshakes
4. Greater Security:
The IETF has made every attempt to address the vulnerabilities of TLS 1.2. Many features,
Support for TLS 1.3
TLS 1.3 needs client side support as well as server side support to be fully implemented.
Here is the current condition of such support as of Jan 2019:
1. Browser support:
- Firefox: Firefox supports TLS 1.3 from version 53 onwards. All the latest versions of Firefox support TLS 1.3
- Google Chrome: Chrome has been supporting TLS 1.3 since January 25, 2017. The latest version 70 supports TLS 1.3.
- Safari: Safari currently does not support TLS 1.3
- Internet Explorer: IE does not support TLS 1.3
- Microsoft Edge: It does not support TLS 1.3
- Opera: Opera does not support TLS 1.3
As we can see, only Google Chrome and Firefox are ready for TLS 1.3.
2. Server Support
You can check with your web host if it supports TLS 1.3 or not. There are tools like SSL Server Test which help you determine if your host supports TLS 1.3 or not.
Summary
So far, we have seen a short overview of TLS 1.3, how it evolved, how it is different than TLS 1.2 and what makes it so special. We discussed about its security features, its advanced functions like zero round trip that make it a faster encryption protocol. Hopefully, majority of the internet will adopt this protocol soon. With security becoming a paramount in today’s digital world, TLS 1.3 is a welcome change. Do you have more questions about TLS 1.3? Feel free to comment below. We will love to get back to you. Have a Happy day!